Signal is non-federated. That, alone, is a showstopper as an email replacement.
Open and federated protocols and services should be our target. It is hard designing them, but if we could do that in the past, we should be able to do so today.
Two replies about email replacement; I feel like we’re getting off track. Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.
TFA merely says: if you were gonna use PGP, use Signal instead. It’s a trade off. While we target these open and federated protocols, let’s not throw people who actually need encryption today under the bus.
So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.
> So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.
You don't need to drop email at all. If you trade protocol openness for encryption, you are acquiring technical debt. How long are going to do this dance of switching between instant messenger protocols? ICQ -> AIM -> MS Messenger -> Hangouts -> WhatsApp -> Signal -> ???.
Open protocols (open in specs and federated in access) are the only way to stop this madness.
In the past Google and Facebook supported xmpp(jabber) protocol. That was real step in right direction. You could use your client and OTR plugin to encrypt all communications. It all ended in 2015.
(I think a lot of useful Signal properties are much harder to do with federation, but that’s a subtle enough problem that it warrants a long form post, not a HN comment. I agree that ceteris paribus federation is better than not—but c.p. is doing a lot of work there :))
Is there some reason to believe it didn't happen (mostly) for the reasons stated by the respective parties at the time? 'federated' is often brought up as an unalloyed good so casually but as you point out yourself, there's a huge overhead, conceptually, operationally, etc.
IMHO, Matrix currently has the best shot at becoming the standard for the open internet.
Those who value the freedom of choice should push for Matrix before Signal becomes the de-facto standard and is acquired by one of the tech giants looking to lock down control of communication.
Matrix is too dependent on it's only vendor in existence, their only server in existence has performance issues. Also, a monolith standard is hardly viable for federated networks, where all nodes can't upgrade all at once.
I wouldn't use keybase where I need reliability due to their vague TOS (that came into effect around the beginning of this year): They can ban you from their service if they deem your actions outside their platform unacceptable.
I’m having a hard time believing just how polar opposite of my point people are taking me, I must be explaining myself very, very poorly.
Let go of the idea of “good”, nothing is currently good. Everything is terrible. The only thing that’s “good” is a federated, open, and secure in practice protocol (I.e. not just for people who use it properly, but for people who is it full stop. Like HTTPS, for example.) Today, we don’t have that. Let’s work towards that. Let’s make it happen tomorrow.
But today: federated or secure, pick one. (See TFA)
Meanwhile , there are people , today, with a real need for encryption. (See TFA) A need that transcends our long term plans. These people look at what “techies” do and say, and they imitate it. That’s the way of the world.
It is currently PGP. That is not secure, in practice when used by those people (see TFA). Therefore, we need to stop using PGP, use Signal for now, until we have an actually good solution that is better than Signal and PGP.
That’s the summary of the article.
Nobody is talking about replacing all email. Nobody says the status quo is good. Heck, nobody is really arguing for Signal, as much as arguing against PGP, and signal winning by default. That’s all.
We’re all on the same side here, guys. It’s just a matter of temporary compromise.
> We’re all on the same side here, guys. It’s just a matter of temporary compromise.
I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.
> There is not a federated messenger that provides the same security as Signal.
Actually, there are federated messengers that provide better security and privacy than Signal. Yes, XMPP ones. They might not have the same convenience yet, yes, because they are not tied to phone numbers, but don't even get me started by trying to say that tie to phone numbers is a plus.
So ergonomics trump security for you. That's fine. Stop telling people that they can safely follow your lead, because you've prioritized things other than their safety.
An incremental evolution may cause us to get stuck in a local maximum. You are correct that the incremental step is necessary. You are ignoring that this incremental step sets us onto a path of closed protocols. In time we'll be worse off.
So that's two things you think we should prioritize over people's safety: ergonomics and technological progress. You're digging the hole deeper for your argument.
That's what federation is. All else being equal, you'd prefer people use less secure messaging so that you can have greater choice of clients and servers, and run your own server.
I don't get the implication between federation and ergonomics. Federation is the ability for competing providers to operate in the protocol space. Does it lead to better ergonomics, worse ergonomics?
I don't think it impacts ergonomics.
What federation does is:
a) Remove the single point of failure present in Signal;
b) Promote competition between service providers.
None of these can be argued against.
Note that I'm not defending we stick with email. I'm defending we shouldn't move to a non-federated protocol. That fixes one thing and breaks another. Choose xmpp, matrix, design a better messaging protocol, ... Just don't take a step forward when facing the abyss on the merits of taking forward steps.
TFA merely says: if you were gonna use PGP, use Signal instead. It’s a trade off. While we target these open and federated protocols, let’s not throw people who actually need encryption today under the bus.
So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.